CVE-2018-8804

Published: 20 March 2018

WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	artful	Released (8:6.9.7.4+dfsg-16ubuntu2.2)
	bionic	Released (8:6.9.7.4+dfsg-16ubuntu6.2)
	precise	Does not exist
	trusty	Does not exist (trusty was released [8:6.7.7.10-6ubuntu3.11])
	upstream	Released (8:6.9.9.39+dfsg-1)
	xenial	Released (8:6.8.9.9-7ubuntu5.11)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8804
https://ubuntu.com/security/notices/USN-3681-1
NVD
Launchpad
Debian

Bugs

https://github.com/ImageMagick/ImageMagick/issues/1025

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›